Mirroring refers to the process of copying
packets that meet the specified rules to a destination port. Generally, a destination
port is connected to a data detect device, which users can use to analyze the mirrored
packets for monitoring and troubleshooting the network.
Figure 1-1 Mirroring
Port mirroring refers to the process of
copying the packets received or sent by the specified port to the destination
port.
Remote switched port analyzer (RSPAN)
refers to remote port mirroring. It eliminates the limitation that the source
port and the destination port must be located on the same switch. This feature makes
it possible for the source port and the destination port to be located across
several devices in the network, and facilitates the network administrator to manage
remote switches.
The application of RSPAN is illustrated in
the following figure:
Figure 1-2 RSPAN application
There are three types of switches with the
RSPAN enabled.
l
Source switch: The monitored port resident switch.
Through Layer 2 forwarding, it sends traffics to be mirrored to an intermediate
switch or destination switch over the remote-probe VLAN.
l
Intermediate switch: Switches between the source
switch and destination switch on the network. An intermediate switch forwards mirrored
traffic flows to the next intermediate switch or the destination switch. Circumstances
can occur where no intermediate switch is present, if a direct connection
exists between the source and destination switches.
l
Destination switch: The remote mirroring destination
port resident switch. It forwards mirrored traffic flows it received from the remote-probe
VLAN to the monitoring device through the destination port.
Table 1-1 describes how the ports on various switches are involved in the mirroring operation.
Table 1-1 Ports involved in the mirroring operation
|
Switch
|
Ports involved
|
Function
|
|
Source switch
|
Source port
|
Port monitored. It copies user data
packets to the specified reflector port through local port mirroring. There can
be more than one source port.
|
|
Reflector port
|
Receives user data packets that are
mirrored on a local port.
|
|
Trunk port
|
Sends mirrored packets to the
intermediate switch or the destination switch.
|
|
Intermediate switch
|
Trunk port
|
Sends mirrored packets to the destination
switch.
Two Trunk ports are necessary for the
intermediate switch to connect the devices at the source switch side and the
destination switch side.
|
|
Destination
switch
|
Trunk port
|
Receives
remote mirrored packets.
|
|
Destination port
|
Monitors remote mirrored packets
|
To implement remote port mirroring, you
need to define a special VLAN, called remote-probe VLAN, on a switch. All
mirrored packets will be transferred from the source switch to the destination
ports of the destination switch through this VLAN. Thus, the destination switch
can monitor the port packets sent from the ports of the source switch. Remote-probe
VLAN requires that:
l
All ports connecting the devices in remote-probe
VLAN are configured as the trunk ports.
l
The default VLAN and management VLAN cannot be
configured as remote-probe VLAN.
l
Layer 2 interoperability must be ensured by configuration
between the source and destination switches over the remote-probe VLAN.
Caution:
To ensure the normal
packet mirroring, it is not recommended to perform any of the following
operations on the remote-probe VLAN:
l
Configuring a source port to the remote-probe
VLAN that is used by the local mirroring group;
l
Configuring a Layer 3 interface for the remote-probe
VLAN;
l
Configuring to run other protocol packets, or
bear other service packets;
l
Using remote-probe VLAN as a special type of
VLAN, such as voice VLAN or protocol VLAN;
l
Configuring other VLAN-related functions.
1.2 Mirroring Configuration
For mirroring features, see section 1.1 "Mirroring Overview".
I. Configuration prerequisites
l
The source port is determined and whether the
packets to be mirrored are inbound, outbound or both inbound and outbound is
specified. Inbound means only to mirror the packets received by the port;
outbound means only to mirror the packets sent by the port; both
means to mirror the packets received and sent by the port.
l
The destination port is determined.
l
The mirroring group number is determined.
II. Configuring port mirroring in
Ethernet port view
Table 1-2 Configure port mirroring in Ethernet port view (1)
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Create a port mirroring group
|
mirroring-group group-id local
|
Required
|
|
Enter Ethernet port view of the
determined destination port
|
interface interface-type interface-number
|
—
|
|
Define the current port as the
destination port
|
monitor-port
|
Required
LACP and TCP must be disabled on the
destination port.
|
|
Exit current view
|
quit
|
—
|
|
Enter Ethernet port view of the
determined source port
|
interface interface-type interface-number
|
—
|
|
Define the current port as the source
port and specify the direction of the packets to be mirrored
|
mirroring-port { inbound | outbound | both }
|
Required
|
|
Display the mirroring parameter settings
|
display mirroring-group { all | local }
|
Optional
This command can be executed in
any view.
|
If you specify the
destination port and source port in Ethernet port view without creating a port mirroring
group, mirroring group 1 will be created automatically.
Table 1-3 Configure port mirroring in Ethernet port view (2)
|
Operation
|
Command
|
Description
|
|
Enter
system view
|
system-view
|
—
|
|
Create a
port mirroring group
|
mirroring-group
group-id local
|
Required
|
|
Enter
Ethernet port view of the determined destination port
|
interface interface-type interface-number
|
—
|
|
Define the
current port as the destination port
|
mirroring-group group-id monitor-port
|
Required
LACP and
TCP must be disabled on the destination port
|
|
Exit current view
|
quit
|
—
|
|
Enter Ethernet port view of the
determined source port
|
interface interface-type interface-number
|
—
|
|
Define the current port as the source
port and specify the direction of the packets to be mirrored
|
mirroring-group group-id mirroring-port { both | inbound | outbound }
|
Required
|
|
Display the mirroring parameter settings
|
display mirroring-group { all | local }
|
Required
This command can be executed in
any view.
|
III. Configuring port mirroring in
system view
Table 1-4 Configure port mirroring in system view
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Create a port mirroring group
|
mirroring-group group-id local
|
Required
|
|
Define the determined destination port
|
mirroring-group group-id monitor-port monitor-port
|
Required
LACP and TCP must be disabled on the
destination port.
|
|
Define the determined source port and
specify the direction of the packets to be mirrored
|
mirroring-group group-id mirroring-port mirroring-port-list { both | inbound | outbound }
|
Required
|
|
Display the mirroring parameter settings
|
display mirroring-group { all | local }
|
Optional
This command can be executed in
any view.
|
l
Configurations listed in Table 1-2 do not involve specifying a mirroring group. Therefore these mirroring
settings made in Ethernet port view applies to mirroring group 1 only.
l
Configurations listed in Table 1-3 can be used to add mirroring settings for any defined mirroring
group in Ethernet port view.
l
Configurations listed in Table 1-4 are performed in system view. Therefore the mirroring group ID and
port number must be specified.
IV. Configuration Example
Network requirements:
l
The source port is GigabitEthernet 1/1/1. All
packets received and sent by this port are to be mirrored.
l
The destination port is GigabitEthernet 1/1/4.
Configuration procedure 1:
<H3C> system-view
[H3C] mirroring-group 1 local
[H3C] interface gigabitEthernet 1/1/4
[H3C-GigabitEthernet1/1/4]
monitor-port
[H3C-GigabitEthernet1/1/4] quit
[H3C] interface gigabitEthernet 1/1/1
[H3C-GigabitEthernet1/1/1] mirroring-port
both
Configuration procedure 2:
<H3C> system-view
[H3C] mirroring-group 1 local
[H3C] interface GigabitEthernet 1/1/4
[H3C-GigabitEthernet1/1/4] mirroring-group
1 monitor-port
[H3C-GigabitEthernet1/1/4] quit
[H3C] interface GigabitEthernet 1/1/1
[H3C-GigabitEthernet1/1/1] mirroring-group
1 mirroring-port both
Configuration procedure 3:
<H3C> system-view
[H3C] mirroring-group 1 local
[H3C] mirroring-group 1 monitor-port GigabitEthernet
1/1/4
[H3C] mirroring-group 1 mirroring-port
GigabitEthernet 1/1/1 both
I. Configuration prerequisites
l
The source switch, intermediate switch, and the
destination switch are determined.
l
The source port, the reflector port, the
destination port, and the remote-probe VLAN are determined.
l
Layer 2 interoperability is ensured by configuration
between the source and destination switches over the remote-probe VLAN
l
The direction of the packets to be monitored is
determined.
l
The remote-probe VLAN is enabled.
Table 1-5 Configure
RSPAN on the source switch
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Create a VLAN and enter the VLAN view
|
vlan vlan-id
|
vlan-id is
the ID of the remote-probe VLAN to be defined.
|
|
Define the current VLAN as the remote-probe
VLAN
|
remote-probe vlan enable
|
Required
|
|
Exit the current view
|
quit
|
—
|
|
Enter the port view of the port that
connects to the intermediate switch or destination switch
|
interface interface-type interface-number
|
—
|
|
Configure the current port as Trunk port
|
port link-type trunk
|
Required
By default, the port type is Access.
|
|
Configure Trunk port to permit packets
from the remote-probe VLAN
|
port trunk permit vlan remote-probe-vlan-id
|
Required
This setting is required for the source
switch port that connects to the intermediate switch or destination switch.
|
|
Exit current view
|
quit
|
—
|
|
Configure a remote source mirroring group
|
mirroring-group group-id remote-source
|
Required
|
|
Configure a source port for remote
mirroring
|
mirroring-group group-id mirroring-port mirroring-port-list { both | inbound | outbound }
|
Required
|
|
Configure a remote reflector port
|
mirroring-group group-id reflector-port reflector-port
|
Required
The remote reflector port must be of the
Access type. LACP and STP must be disabled on this port.
After a port is configured as a reflector
port, the switch does not allow you to perform any of the following
configurations:
l
Changing the port type or its default VLAN ID
l
Add the port to another VLAN
|
|
Configure the remote-probe VLAN for the
remote source mirroring group
|
mirroring-group group-id remote-probe vlan remote-probe-vlan-id
|
Required
|
|
Display the configuration of the remote
source mirroring group
|
display mirroring-group remote-source
|
Optional
This command can be executed in
any view.
|
l
To mirror tagged packets, you need to configure
VLAN VPN on the reflector port.
l
The reflector port cannot forward traffics as a
normal port. In this scenario, it is recommended that you use an idle and down
port as the reflector port, and do not perform other configuration on this
port.
l
If the mac-address max-mac-count
0 command is executed on a port in a VLAN, it is recommended not to configure
this VLAN as the remote-probe VLAN. Otherwise, remote mirroring may not work properly.
l
Do not configure a port connecting the
intermediate switch or destination switch as the mirroring source port.
Otherwise, traffic disorder may occur in the network.
Table 1-6 Configure RSPAN on the
intermediate switch
|
Operation
|
Command
|
Description
|
|
Enter
system view
|
system-view
|
—
|
|
Create a VLAN and enter VLAN view
|
vlan vlan-id
|
vlan-id is the ID of the remote-probe VLAN to be defined.
|
|
Define the current VLAN as a remote-probe
VLAN
|
remote-probe vlan enable
|
Required
|
|
Exit the current view
|
quit
|
—
|
|
Enter Ethernet port view of the port connecting
to the source switch, destination switch or other intermediate switch
|
interface interface-type interface-number
|
—
|
|
Configure the current port as Trunk port
|
port link-type trunk
|
Required
By default, the port type is Access.
|
|
Configure Trunk port to permit packets
from the remote-probe VLAN
|
port trunk permit vlan remote-probe-vlan-id
|
Required
This configuration is necessary for ports
on the intermediate switch that are connected to the source switch, the
destination switch or other intermediate switch.
|
Table 1-7 Configure RSPAN on the destination
switch
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Create a VLAN and enter VLAN view
|
vlan vlan-id
|
vlan-id is the ID of the remote-probe VLAN to be defined.
|
|
Define the current VLAN as a remote-probe
VLAN
|
remote-probe vlan enable
|
Required
|
|
Exit the current view
|
quit
|
—
|
|
Enter Ethernet port view of the port connecting
to the source switch or an intermediate switch
|
interface interface-type interface-number
|
—
|
|
Configure the current port as Trunk port
|
port link-type trunk
|
Required
By default, the port type is Access.
|
|
Configure Trunk port to permit packets
from the remote-probe VLAN
|
port trunk permit vlan remote-probe-vlan-id
|
Required
This configuration is necessary for ports
through which the destination switch is connected to the source switch or an intermediate
switch.
|
|
Exit the current view
|
quit
|
—
|
|
Configure a remote destination mirroring
group
|
mirroring-group group-id remote-destination
|
Required
|
|
Configure the destination port for remote
mirroring
|
mirroring-group group-id monitor-port monitor-port
|
Required
The destination port for remote mirroring
must be of the Access type. LACP and STP must be disabled on this port.
After you configure a port as the
destination port for remote mirroring, the switch does not allow you to
change the port type or its default VLAN ID.
|
|
Configure the remote-probe VLAN for the remote
destination mirroring group
|
mirroring-group group-id remote-probe vlan remote-probe-vlan-id
|
Required
|
|
Display the configuration of the remote destination
mirroring group
|
display mirroring-group
remote-destination
|
Optional
This command can be executed in
any view.
|
If the mac-address max-mac-count 0
command is executed on a port in a VLAN, it is recommended not to configure this
VLAN as the remote-probe VLAN. Otherwise, remote mirroring may not work
properly.
V. Configuration example
Network
requirements:
l
Switch A is connected to the data detect device through
GigabitEthernet 1/1/2.
l
GigabitEthernet 1/1/1, the Trunk port of Switch
A, is connected to GigabitEthernet 1/1/1, the Trunk port of Switch B.
l
GigabitEthernet 1/1/2, the Trunk port of Switch
B, is connected to GigabitEthernet 1/1/1, the Trunk port of Switch C.
l
GigabitEthernet 1/1/2, the port of Switch C, is
connected to PC1.
The purpose is to use the data detect
device to monitor and analyze the packets sent by PC1.
To meet the above purpose by using the
RSPAN function, perform the following configuration:
l
Define VLAN10 as the remote-probe VLAN.
l
Define Switch A as the destination switch;
configure GigabitEthernet 1/1/2, the port that is connected to the data detect
device, as the destination port for remote mirroring. Set GigabitEthernet1/1/2 to
an Access port, with STP and LACP functions disabled.
l
Define Switch B as the intermediate switch.
l
Define Switch C as the source switch, GigabitEthernet
1/1/2 as the source port for remote mirroring, and GigabitEthernet 1/1/3 as the
reflector port. Set GigabitEthernet 1/1/3 to an Access port, with STP and LACP disabled.
Network diagram:
Figure 1-3 Network diagram for RSPAN
Configuration procedure:
# Configure Switch C.
<H3C> system-view
[H3C] vlan 10
[H3C-vlan10] remote-probe vlan enable
[H3C-vlan10] quit
[H3C] interface GigabitEthernet 1/1/1
[H3C-GigabitEthernet1/1/1] port
link-type trunk
[H3C-GigabitEthernet1/1/1] port trunk
permit vlan 10
[H3C-GigabitEthernet1/1/1] quit
[H3C] mirroring-group 1 remote-source
[H3C] mirroring-group 1 mirroring-port
GigabitEthernet 1/1/2 inbound
[H3C] mirroring-group 1 reflector-port
GigabitEthernet 1/1/3
[H3C] mirroring-group 1 remote-probe
vlan 10
[H3C] display mirroring-group
remote-source
mirroring-group 1:
type: remote-source
status: active
mirroring port:
GigabitEthernet1/1/2 outbound
reflector port:
GigabitEthernet1/1/3
remote-probe vlan: 10
# Configure Switch B.
<H3C> system-view
[H3C] vlan 10
[H3C-vlan10] remote-probe vlan enable
[H3C-vlan10] quit
[H3C] interface GigabitEthernet 1/1/1
[H3C-GigabitEthernet1/1/1] port
link-type trunk
[H3C-GigabitEthernet1/1/1] port trunk
permit vlan 10
[H3C-GigabitEthernet1/1/1] quit
[H3C] interface GigabitEthernet 1/1/2
[H3C-GigabitEthernet1/1/2] port
link-type trunk
[H3C-GigabitEthernet1/1/2] port trunk
permit vlan 10
# Configure Switch A.
<H3C> system-view
[H3C] vlan 10
[H3C-vlan10] remote-probe vlan enable
[H3C-vlan10] quit
[H3C] interface GigabitEthernet 1/1/1
[H3C-GigabitEthernet1/1/1] port
link-type trunk
[H3C-GigabitEthernet1/1/1] port trunk
permit vlan 10
[H3C-GigabitEthernet1/1/1] quit
[H3C] mirroring-group 1
remote-destination
[H3C] mirroring-group 1 monitor-port
GigabitEthernet 1/1/2
[H3C] mirroring-group 1 remote-probe
vlan 10
[H3C] display mirroring-group
remote-destination
mirroring-group 1:
type: remote-destination
status: active
monitor port:
GigabitEthernet1/1/2
remote-probe vlan: 10
After the above configuration, you can use
the display command in any view to view the mirroring running information,
so as to verify the configurations you made.
Table 1-8 Display mirroring parameter settings
|
Operation
|
Command
|
Description
|
|
Display parameter settings of a mirroring
group
|
display mirroring-group { group-id
| all | local | remote-destination | remote-source
}
|
The command can be executed in any
view.
|
